Method and arrangement for programming and verifying EEPROM pages and a corresponding computer software product and a corresponding computer-readable storage medium

ABSTRACT

The invention relates to a method and arrangement for programming and verifying EEPROM pages and a corresponding computer software product and a corresponding computer-readable storage medium, which can be used in particular to speed up the programming into the EEPROM of large amounts of data or code, such as occurs for example when smart cards are being personalized.
The invention relates to an arrangement that sets up a DMA connection between EEPROM and RAM—not including the core of the microcontroller involved—and makes possible automatic programming of data blocks of random length from the RAM to the EEPROM including the verification of the programming operation against the original data in the RAM under the control of the EEPROM logic.

[0001] The invention relates to a method and an arrangement for programming and verifying EEPROM pages and to a corresponding computer software product and to a corresponding computer-readable storage medium, which can be used in particular to speed up the programming into the EEPROM of large amounts of data or code, such as occurs for example when smart cards are being personalized.

[0002] The development of microelectronics in the seventies made it possible for miniature computers of credit card format with no user interface to be produced. Computers of this kind are referred to as smart cards. In a smart card, a data memory and an arithmetic and logic unit are integrated into a single chip measuring a few square millimeters in size. Smart cards are used in particular as telephone cards and GSM SIM cards and in the banking field and in health care. The smart card has thus become a computing platform that we see wherever we turn.

[0003] Smart cards are currently regarded primarily as a safe and secure place for holding secret data and as a safe and secure platform for running cryptographic algorithms. The reason why the data and algorithms on the card are assumed to enjoy relatively high safety and security lies in the hardware construction of the card and in the interfaces that are run to the exterior. From the outside the card looks like a “black box”, whose functions can only be accessed via a well-defined hardware and software interface and which can compel the observance of certain security policies. On the one hand, access to data can be linked to certain conditions. Access from outside to critical data, such as secret keys in a public key process for example, may even be totally barred. On the other hand a smart card is capable of running algorithms without it being possible for the execution of the individual operations to be observed from outside. The algorithms themselves may be protected on the card against being altered or read out. In an object-orientated sense, the smart card can be thought of as a type of abstract data that has a well-defined interface, that behaves in a specified way and that is itself capable of ensuring that certain integrity conditions are observed with regard to its state.

[0004] Essentially, there are two different types of smart card. Memory cards have simply a serial interface, addressing and security logic and ROM and EEPROM memories. Such cards perform only limited functions and are used for a specific application. This is why they are particularly cheap to produce. Smart cards produced in the form of microprocessor cards constitute, in principle, a complete general-purpose computer.

[0005] The process of manufacturing and supplying chip cards can be divided into the following phases:

[0006] production of the chip,

[0007] embedding of the chip,

[0008] printing of the card

[0009] personalization of the card

[0010] issue of the card.

[0011] Each phase of the process is generally carried out by a company specializing in the particular operation. When the chips are being produced, care must be taken to ensure good security within the firm, particularly when the cards involved have hard-wired security logic. To enable the manufacturer to carry out a proper final test, the entire memory has to be freely accessible. Only after the final test is the chip made secure by means of a transport code. Thereafter, access to the card memory is possible only for authorized bodies that know the transport code. Hence there is no point in stealing brand-new chips. The authorized bodies may be card personalizers or issuers. No further making-secure functions are required for the embedding and printing operations. There is no need for the firms involved to know the transport code.

[0012] It is generally not the card manufacturer but the issuing body (e.g. a bank, telephone company, private or public health-care scheme) that puts the personal data into the card. This process is known as personalization and to perform it it is necessary to know the transport code.

[0013] The issue of the card, i.e. its movement from the issuing body to the cardholder, poses another security problem. To be exact, it is only the issue of the card to the card holder in person in return for a signature and production of an identity card or other personal identification that is secure. It is true that sending out by post is often cheaper, but it is also not very secure. Another problem is notifying the cardholder of the PIN number, in which case the same care has to be taken as with the card.

[0014] Because of the potentially dangerous security-related information held in the memories present in smart card controllers, not only do the above safeguarding steps have to be taken but additional protection also needs to be provided against the possible activities of hackers, which may cover every phase of the life of a smart card beginning with the manufacture of the card and extending through its transport and use to the manipulation of cards that have become unusable.

[0015] When large amounts of data/code are being programmed into the EEPROM (such as in the course of personalization for example), a relatively large amount of time is wasted on the one hand by the transmission of the data via an SFR bus and on the other by verification that is needed, after the programming of each page, of the data that has been written to the EEPROM.

[0016] Hitherto, it was necessary, when personalizing the EEPROM for example, for the individual steps (read-out of the RAM, writing of the page to the EEPROM page register, another read-out, this time of the programmed bytes from the EEPROM, and comparison with the desired values from the RAM) to be performed by software means, which meant that a considerable proportion of the time taken to write to the page register and to verify the programmed page was needed for bus transfers and register instructions.

[0017] Where it is large areas of a memory that are written to, as is the case for example when an EEPROM is being personalized with user code, it is found to be a disadvantage that, to the time taken to program each page of the EEPROM, which is considerable anyway, there is added the additional time needed for loading the page register and verifying the page programmed.

[0018] There are various known methods for transferring data between EEPROMs, ROMs and RAMs.

[0019] Disclosed in U.S. Pat. No. 5,802,268 is an arrangement that performs data access to a controller having ROM, RAM and EEPROM memories linked to it.

[0020] U.S. Pat. No. 5,778,440 describes an arrangement for verifying data programmed into an EEPROM. It relates solely to the control logic of the EEPROM memory itself and thus only to the components of the memory formed by its page register, memory matrix and programming/verification logic. It is thus a description purely of verifying logic for the EEPROM but not of a special method of transmitting data that, in particular, also involves the RAM.

[0021] German patent DE 43 44 379 A1 relates to a method of programming an EPROM module arranged in a microprocessor circuit, part of the storage capacity of which module is used as program storage for a microprocessor that is connected to the EEPROM module by a bus line, the free storage capacity of the EPROM module being taken up by data transmitted from the microprocessor directly to the EPROM module and the transmission of data along the address and data bus being frozen during the whole of the programming operation by stopping the timing to the microprocessor.

[0022] Hence, what is presented here is simply an arrangement for programming an EEPROM in a controller architecture.

[0023] It is an object of the invention to specify a method, an arrangement and a corresponding computer software product and a corresponding computer-readable storage medium, of the generic type, by which the disadvantages of the conventional procedures are overcome and by which it becomes possible for data to be written from the RAM to the page register of the EEPROM, and to be automatically verified after the programming operation, in as short a time as possible. At the same time, the hardware required at the EEPROM interface is to be minimal.

[0024] In accordance with the invention, this object is achieved by means of a collaborative association of the features in the characterizing clauses of claims 1, 10, 12 and 13 with the features in the preambles. Advantageous embodiments of the invention are detailed in the subclaims.

[0025] A particular advantage of the method of programming and verifying EEPROM pages is that in a first step data words of a preset length are read from the RAM and written to the page register, in a second step the programming operation for these data words is carried out, and in a third step the data words are again read from the RAM and the programmed data words are read from the EEPROM and verified, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.

[0026] An arrangement for programming and verifying EEPROM pages is advantageously set up so that it comprises a processor that is set up in such a way that programming and verification of EEPROM pages can be performed by, in a first step, reading data words of a preset length from the RAM and writing them to the page register, in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.

[0027] A computer software product for programming and verifying EEPROM pages comprises a computer-readable storage medium on which is stored a program that, once it has been loaded into the memory of the computer or the smart-card controller, makes it possible for the programming and verification of EEPROM pages to be performed by, in a first step, reading data words of a preset length from the RAM and writing them to the page register, in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.

[0028] To perform the programming and verification of EEPROM pages, use is advantageously made of a computer-readable storage medium on which is stored a program that, once it has been loaded into the memory of the computer or the smart-card controller, makes it possible for the programming and verification of EEPROM pages to be performed by, in a first step, reading data words of a preset length from the RAM and writing them to the page register, in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed. It is particularly advantageous in this case for the programming and verification unit circuit arrangement (PVU) to perform this programming/verification function as a hardware function and for it thus to replace parts of the program that would otherwise be needed.

[0029] In the method according to the invention, the EEPROM interface is advantageously given direct memory access to the RAM, the address control register and the data-word-length register during the cycles of the programming and verification operation.

[0030] It has proved advantageous for RAM address data to be loaded into the start address SFR 7 of the PVU before the cycles of the programming and verification operation begin and for the programming and verification sequence to be started by a report to the control/status SFR of the PVU.

[0031] In a preferred embodiment of the method according to the invention, provision is made for the start address of the data word in the RAM that is to be read in the first step to be defined by the SFR of the programming and verification unit. Another advantageous embodiment of the method according to the invention is one in which the start address of the data word to be programmed in the EEPROM in the second step is defined by EADRX SFRs. In the method of programming and verifying EEPROM pages, it has proved advantageous for the preset length of the data word to be read in the first step to be defined by the control/status SFR 6 of the PVU. It has also been found advantageous for the verification of the programmed data words to be performed by the control/status SFR of the PVU.

[0032] A further advantage of the method according to the invention is that the verification of the programmed data words takes place word by word. It has also been found advantageous for the RAM interface to have priority logic that checks and if necessary delays or refuses CPU access to the RAM during the cycles of the programming and verification operation.

[0033] As well as this, provision is made in a preferred embodiment of the method according to the invention for the processor to be part of a smart-card controller and for the arrangement to be a smart card.

[0034] The invention covers an arrangement that incorporates the data memory (RAM) from which the page register of the EEPROM is loaded as part of the arrangement, for which purpose a DMA (direct memory access) connection under the control of the EEPROM logic is introduced as an essential part of the invention between the RAM and the EEPROM and thus enables even quite large data blocks from the RAM that many times exceed the storage capacity of the EEPROM page register to be programmed and verified under the control of the EEPROM logic. Hence in functional terms the invention goes beyond the methods practiced in the past.

[0035] The invention provides an arrangement that sets up a DMA connection between EEPROM and RAM—not including the core of the microcontroller involved—and makes possible automatic programming of data blocks of random length from the RAM to the EEPROM including the verification of the programming operation against the original data in the RAM under the control of the EEPROM logic.

[0036] Compared with the personalizing function which existed hitherto, this method has a major advantage in terms of speed because the maximum read/write rate is dependent only on the access timing of the EEPROM. There are no additional delays caused by SFR bus handshakes or compare commands.

[0037] The verification of the programmed bytes by reading the RAM area twice avoids the need for the page register to be duplicated at the EEPROM interface and thus minimizes the amount of hardware required.

[0038] These and other aspects of the invention are apparent from and will be elucidated with reference to an embodiment described hereinafter and from and with reference to the accompanying drawing, which shows an EEPROM programming and verification unit (PVU).

[0039] To perform the programming and verification operation, an EEPROM interface 2 is given DMA (direct memory access) to a RAM 1 and to two additional control registers that give the basic address Baddr in the RAM 1 and the length PagLen (maximum length of a page register 8) of the data area to be programmed.

[0040] The page program and verify unit (FSM) at the EEPROM interface 2 controls the running of the page programming in three phases:

[0041] Phase 1: Reading of PagLen data words from RAM 1 and writing of these words to page register 8. The page address in the EEPROM is determined in this case by the SFRs EADR2 . . . 0.

[0042] Phase 2: Start of programming operation.

[0043] Phase 3: Renewed read-out of the same data words from RAM 1, simultaneous read-out of the programmed words from the EEPROM, and verification of the programmed data word by word.

[0044] The RAM interface must be given priority logic that slows down or forbids CPU access to RAM 1 during the EEPROM program and verify cycles.

[0045] Before the programming and verification operation begins, the start address SFRs of the PVU are loaded with the RAM address data, and the programming and verification operation is started by a report to the control/status SFR 6 of the PVU.
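
A software model of the three-phase cycle in paragraphs [0039] to [0044], as an added example that is not part of the patent text: the PVU is hardware, so the C below only simulates its behaviour. The memory sizes, the `pvu_*` names, the stuck-cell fault and the mid-cycle CPU write are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 128u              /* page register 8: 128 bytes, per the reference list */
#define RAM_SIZE  1024u             /* assumed size of the simulated RAM 1 */
#define EE_SIZE   (8u * PAGE_SIZE)  /* assumed size of the simulated EEPROM matrix 9 */

typedef enum { PVU_OK, PVU_VERIFY_FAIL, PVU_BAD_ARG } pvu_status;
typedef struct {
    uint8_t ram[RAM_SIZE], eeprom[EE_SIZE], page_reg[PAGE_SIZE];
    long stuck_cell;  /* fault injection: EEPROM address that always reads 0xFF, -1 = none */
    long cpu_write;   /* RAM address the CPU overwrites mid-cycle, -1 = access refused */
} pvu_sim;
uint32_t pvu_last_fail;             /* EEPROM address of the first mismatching word */

/* One page cycle: baddr/paglen select the RAM area, eadr the EEPROM page address. */
static pvu_status pvu_page(pvu_sim *s, uint32_t baddr, uint32_t paglen, uint32_t eadr)
{
    uint32_t i;
    for (i = 0; i < paglen; i++)            /* Phase 1: RAM -> page register */
        s->page_reg[i] = s->ram[baddr + i];
    for (i = 0; i < paglen; i++)            /* Phase 2: program the page */
        s->eeprom[eadr + i] = ((long)(eadr + i) == s->stuck_cell) ? 0xFF : s->page_reg[i];
    if (s->cpu_write >= 0)                  /* priority logic absent: CPU writes RAM now */
        s->ram[s->cpu_write] ^= 0xFF;
    for (i = 0; i < paglen; i++)            /* Phase 3: re-read RAM, compare word by word */
        if (s->ram[baddr + i] != s->eeprom[eadr + i]) {
            pvu_last_fail = eadr + i;
            return PVU_VERIFY_FAIL;
        }
    return PVU_OK;
}

/* Repeat the three phases until a block larger than the page register is done. */
pvu_status pvu_program_block(pvu_sim *s, uint32_t baddr, uint32_t len, uint32_t eadr)
{
    if (eadr % PAGE_SIZE || len > EE_SIZE || eadr > EE_SIZE - len ||
        len > RAM_SIZE || baddr > RAM_SIZE - len)
        return PVU_BAD_ARG;
    while (len > 0) {
        uint32_t n = len < PAGE_SIZE ? len : PAGE_SIZE;
        pvu_status st = pvu_page(s, baddr, n, eadr);
        if (st != PVU_OK)
            return st;
        baddr += n; eadr += n; len -= n;
    }
    return PVU_OK;
}

/* Constructed scenario: 300 pattern bytes from RAM address 16 to EEPROM address 0. */
pvu_status pvu_scenario(long stuck_cell, long cpu_write)
{
    static pvu_sim s;
    uint32_t i;
    for (i = 0; i < RAM_SIZE; i++) s.ram[i] = (uint8_t)(i * 7u + 3u);
    for (i = 0; i < EE_SIZE; i++) s.eeprom[i] = 0xFF;
    s.stuck_cell = stuck_cell; s.cpu_write = cpu_write; pvu_last_fail = 0;
    return pvu_program_block(&s, 16, 300, 0);
}

int main(void)
{
    printf("clean=%d stuck=%d cpu=%d\n", pvu_scenario(-1, -1), pvu_scenario(200, -1), pvu_scenario(-1, 21));
    return 0;
}
```

Because phase 3 compares against the RAM rather than a second copy of the page register, a RAM write during the cycle is reported as a verify failure in this model even though the EEPROM holds exactly what phase 1 loaded.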

[0046] The invention is not limited to the embodiments shown and described here. By combining and modifying the means and features mentioned it is in fact possible to produce other variant embodiments without thereby exceeding the scope of the invention.

List of reference numerals

1 RAM
2 EEPROM interface
3 CNTRL
4 Address generator
5 RAM/EEPROM data comparator
6 Control/status SFR of programming and verification unit (PVU)
7 RAM start address pointer SFR of PVU
8 (128 byte) Page register
9 EEPROM matrix

1. A method of programming and verifying EEPROM pages, characterized in that in a first step data words of a preset length are read from the RAM (1) and written to the page register (8), in a second step the programming operation for these data words is carried out, and in a third step the data words are again read from the RAM (1) and the programmed data words are read from the EEPROM and verified, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.
2. A method as claimed in claim 1, characterized in that the EEPROM interface (2) is given direct memory access (DMA) to the RAM (1), the address control register and the data-word-length register during the cycles of the programming and verification operation.
3. A method as claimed in any one of the foregoing claims, characterized in that RAM address data is loaded into the start address SFR (7) of the PVU before the cycles of the programming and verification operation begin, and the programming and verification sequence is started by a report to the control/status SFR (6) of the PVU.
4. A method as claimed in any one of the foregoing claims, characterized in that the start address of the data word in the RAM (1) that is to be read in the first step is defined by the SFR of the programming and verification unit.
5. A method as claimed in any one of the foregoing claims, characterized in that the start address of the data word to be programmed in the EEPROM in the second step is defined by EADRX SFRs.
6. A method as claimed in any one of the foregoing claims, characterized in that the preset length of the data word to be read in the first step is defined by the control/status SFR (6) of the PVU.
7. A method as claimed in any one of the foregoing claims, characterized in that the verification of the programmed data words is performed by the control/status SFR (6) of the PVU.
8. A method as claimed in any one of the foregoing claims, characterized in that the verification of the programmed data words takes place word by word.
9. A method as claimed in any one of the foregoing claims, characterized in that the RAM interface (2) has priority logic that checks and if necessary delays or refuses CPU access to the RAM (1) during the cycles of the programming and verification operation.
10. An arrangement having a processor that is set up in such a way that the programming and verification of EEPROM pages can be performed by, in a first step, reading data words of a preset length from the RAM (1) and writing them to the page register (8), in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM (1) and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.
11. An arrangement having a processor, as claimed in claim 10, characterized in that the processor is part of a smart-card controller and the arrangement is a smart card.
12. A computer software product that comprises a computer-readable storage medium on which is stored a program that, once it has been loaded into the memory of the computer or the smart-card controller, makes it possible for the programming and verification of EEPROM pages to be performed by, in a first step, reading data words of a preset length from the RAM (1) and writing them to the page register (8), in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM (1) and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.
13. A computer-readable storage medium on which is stored a program that, once it has been loaded into the memory of the computer or the smart-card controller, makes it possible for the programming and verification of EEPROM pages to be performed by, in a first step, reading data words of a preset length from the RAM (1) and writing them to the page register (8), in a second step, carrying out the programming operation for these data words, and, in a third step, again reading the data words from the RAM (1) and reading the programmed data words from the EEPROM and verifying them, with steps one to three being repeated until such time as the programming of the EEPROM has been completed.